Dave Jiang wrote: > Create callback function to support the nvdimm_security_ops ->disable() > callback. Translate the operation to send "Disable Passphrase" security > command for CXL memory device. The operation supports disabling a > passphrase for the CXL persistent memory device. In the original > implementation of nvdimm_security_ops, this operation only supports > disabling of the user passphrase. This is due to the NFIT version of > disable passphrase only supported disabling of user passphrase. The CXL > spec allows disabling of the master passphrase as well which > nvidmm_security_ops does not support yet. In this commit, the callback > function will only support user passphrase. > > See CXL rev3.0 spec section 8.2.9.8.6.3 for reference. > > Reviewed-by: Davidlohr Bueso <[email protected]> > Reviewed-by: Jonathan Cameron <[email protected]> > Signed-off-by: Dave Jiang <[email protected]> > --- > drivers/cxl/core/mbox.c | 1 + > drivers/cxl/cxlmem.h | 8 ++++++++ > drivers/cxl/security.c | 26 ++++++++++++++++++++++++++ > include/uapi/linux/cxl_mem.h | 1 + > 4 files changed, 36 insertions(+) > > diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c > index cc08383499e6..2563325db0f6 100644 > --- a/drivers/cxl/core/mbox.c > +++ b/drivers/cxl/core/mbox.c > @@ -67,6 +67,7 @@ static struct cxl_mem_command > cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = { > CXL_CMD(GET_SCAN_MEDIA, 0, CXL_VARIABLE_PAYLOAD, 0), > CXL_CMD(GET_SECURITY_STATE, 0, 0x4, 0), > CXL_CMD(SET_PASSPHRASE, 0x60, 0, 0), > + CXL_CMD(DISABLE_PASSPHRASE, 0x40, 0, 0), > }; > > /* > diff --git a/drivers/cxl/cxlmem.h b/drivers/cxl/cxlmem.h > index 725b08148524..9ad92f975b78 100644 > --- a/drivers/cxl/cxlmem.h > +++ b/drivers/cxl/cxlmem.h > @@ -275,6 +275,7 @@ enum cxl_opcode { > CXL_MBOX_OP_GET_SCAN_MEDIA = 0x4305, > CXL_MBOX_OP_GET_SECURITY_STATE = 0x4500, > CXL_MBOX_OP_SET_PASSPHRASE = 0x4501, > + CXL_MBOX_OP_DISABLE_PASSPHRASE = 0x4502, > CXL_MBOX_OP_MAX = 0x10000 > }; > > @@ -390,6 +391,13 @@ struct cxl_set_pass { > u8 new_pass[NVDIMM_PASSPHRASE_LEN]; > } __packed; > > +/* disable passphrase input payload */ > +struct cxl_disable_pass { > + u8 type; > + u8 reserved[31]; > + u8 pass[NVDIMM_PASSPHRASE_LEN]; > +} __packed; > + > enum { > CXL_PMEM_SEC_PASS_MASTER = 0, > CXL_PMEM_SEC_PASS_USER, > diff --git a/drivers/cxl/security.c b/drivers/cxl/security.c > index 5365646230c3..85b4c1f86881 100644 > --- a/drivers/cxl/security.c > +++ b/drivers/cxl/security.c > @@ -70,9 +70,35 @@ static int cxl_pmem_security_change_key(struct nvdimm > *nvdimm, > return rc; > } > > +static int cxl_pmem_security_disable(struct nvdimm *nvdimm, > + const struct nvdimm_key_data *key_data) > +{ > + struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm); > + struct cxl_memdev *cxlmd = cxl_nvd->cxlmd; > + struct cxl_dev_state *cxlds = cxlmd->cxlds; > + struct cxl_disable_pass dis_pass; > + int rc; > + > + /* > + * While the CXL spec defines the ability to erase the master > passphrase, > + * the original nvdimm security ops does not provide that capability. > + * The sysfs attribute exposed to user space assumes disable is for user > + * passphrase only. In order to preserve the user interface, this > callback > + * will only support disable of user passphrase. The disable master > passphrase > + * ability will need to be added as a new callback. > + */
The changelog already covered this. You can just delete this because a follow on patch fixes this by adding a new op so this comment would just confuse a future reader.
